LDAP

LDAP (Lightweight Directory Access Protocol) is a protocol that applications can use to retrieve data about users and groups from an LDAP server.

You must have a Skylight "Admin" role in order to configure LDAP.

LDAP Configuration

To connect Skylight to an LDAP directory:

  1. Navigate to Domain Settings and select the Authentication tab.

  2. Ensure SAML authentication is configured prior to configuring LDAP.

  3. Click to enable LDAP federation.

  4. Input the Server Configuration:

    • (Optional) Vendor - Any nickname to describe the vendor of the LDAP server.

    • Server hostname - The hostname or IP address of the LDAP server.

    • (Optional) Server port - The port of the LDAP server.

  5. (Optional) If connecting to the LDAP server over a secure connection, input the Security Configuration:

    • Security method - The security method for connecting to the LDAP server.

    • Certificate hostname - The hostname to verify the certificate against.

    • Skip certificate hostname verification - Flag to connect without verifying the certificate's host against the Certificate hostname (certHostname) value.

    • rootCAsPem - PEM-encoded string that defines the root CA(s) that clients use when verifying the server certificate.

  6. Input the Administration Account information:

    • Bind DN - The username used to connect to the LDAP server.

    • Bind credential - The password used to connect to the LDAP server.

  7. Input the User Directory Configuration:

    • Base DN - The base DN for your directory. (ex. cn=users,dc=ad,dc=example,dc=com)

    • UUID attribute - The LDAP attribute you use to uniquely identify your users. (ex. sAMAccountName)

    • Automatic sync interval (in hours) - The interval at which Skylight should synchronize the user and group data with the LDAP server.

  8. (Optional) Select User Attributes next to User Directory Configuration to map LDAP user attributes to Skylight user attributes.

  9. Configure the Query / Filter Configuration to input filter queries for mapping LDAP users to Skylight groups and/or roles.

  10. Click SAVE in the bottom-right of the window to commit your changes.
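The following is an added example, not code from the Skylight product or this documentation. It shows, with the Python standard library, what the Security Configuration fields (Security method, Certificate hostname, Skip certificate hostname verification, rootCAsPem) mean when a client opens a TLS session to the LDAP server, and how a filter for the Query / Filter Configuration should escape user-supplied values (RFC 4515) before it is sent. The Security method values "none", "starttls" and "ldaps", the attribute name memberOf, and the sample DNs are assumptions for the example only.

```python
import ssl

# Assumed labels for the "Security method" field (not taken from the Skylight
# documentation): "none" means plaintext, "starttls" and "ldaps" both use TLS.
SECURE_METHODS = {"starttls", "ldaps"}


def build_tls_context(security_method, cert_hostname, skip_hostname_verification, root_cas_pem):
    """Build the ssl.SSLContext described by the Security Configuration fields.

    Returns None when the security method does not use TLS. The certificate
    chain is always verified against rootCAsPem (or the system trust store when
    rootCAsPem is empty); the skip flag only disables the hostname check.
    """
    if security_method not in SECURE_METHODS:
        return None
    try:
        # cadata=None falls back to the system trust store; a non-empty but
        # malformed PEM bundle makes load_verify_locations raise ssl.SSLError.
        ctx = ssl.create_default_context(
            purpose=ssl.Purpose.SERVER_AUTH, cadata=root_cas_pem or None
        )
    except (ssl.SSLError, ValueError) as exc:
        raise ValueError(f"rootCAsPem is not a valid PEM bundle: {exc}") from exc
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # "Skip certificate hostname verification" maps onto check_hostname only;
    # verify_mode stays CERT_REQUIRED so an untrusted chain is still rejected.
    ctx.check_hostname = not skip_hostname_verification
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def wrap_socket_kwargs(cert_hostname):
    """Keyword arguments for ctx.wrap_socket(): the Certificate hostname field
    is the name the server certificate is checked against (server_hostname)."""
    return {"server_hostname": cert_hostname}


# RFC 4515 escapes for characters that would otherwise change filter structure.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape one assertion value for use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(uuid_attribute, user_id, group_dn=None):
    """Filter that selects one user by the configured UUID attribute, optionally
    restricted to members of a group (memberOf is an assumed attribute name)."""
    clauses = [f"({uuid_attribute}={escape_filter_value(user_id)})"]
    if group_dn:
        clauses.append(f"(memberOf={escape_filter_value(group_dn)})")
    if len(clauses) == 1:
        return clauses[0]
    return "(&" + "".join(clauses) + ")"


if __name__ == "__main__":
    # Constructed sample values matching the field names in the steps above.
    ctx = build_tls_context("ldaps", "ldap.example.com", False, "")
    print("check_hostname:", ctx.check_hostname, "verify_mode:", ctx.verify_mode)
    print(wrap_socket_kwargs("ldap.example.com"))
    print(build_user_filter("sAMAccountName", "jdoe", "cn=admins,dc=ad,dc=example,dc=com"))
    # An identifier containing filter metacharacters is neutralised, not interpreted.
    print(build_user_filter("sAMAccountName", "*)(objectClass=*"))
```

The context is what a client would pass to `ctx.wrap_socket(sock, **wrap_socket_kwargs(cert_hostname))`; with check_hostname enabled, Python refuses to wrap without a server_hostname, which is why the Certificate hostname field is required unless the skip flag is set.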

Manual Sync

To manually trigger a sync of the users and groups from the LDAP server into Skylight outside of the configured sync interval:

  1. Press the button under User Directory Configuration.